We learned about the inner flow of the User Notification Service and his use of SOAP protocol and HTTP...

Being HTTP based has big advantages :) :

It uses a well known and tested interface/protocol.

It makes possible to use intuitive and well known security features, such as digest authentication or TLS encryption.

It makes for a unified interface between local and remote agents - no need to learn two methods.

It makes possible for an ISV to mimic the UNS behavior

But being HTTP based has its disadvantages too :( :

A lot of factors can interfere with the normal and easy flow of networking -- correct performance depends on the correct configuration of many parameters, and any error will lead to a "Failed to subscribe to local Intel AMT" message in the Event Viewer.

Let's see some examples:
In a simple connection, UNS will send the HTTP packets to LMS who will in turn translate and redirect them to the HECI (Intel MEI) interface. If either LMS or HECI is not working, the subscription will fail.
In more complex setups other parameters can affect the connection: If TLS is configured, the certificates must be configured correctly. If anonymous access is disabled in AMT, a user must be configured. And so on.

Any of these errors will cause a "Failed to subscribe to local Intel AMT" message in the Event Viewer.
To make it easier to troubleshoot, here is an exhaustive list of causes to this error (in the order they're likely to happen), and how to fix each one:

Possible cause

Explanation

Fix

Less than 3 minutes since previous subscription

In order to protect the Intel AMT flash part in the board from continuous write instructions, Intel AMT accepts only one local subscription every 3 minutes.

Wait at least three minutes before re-starting UNS.

Note: When this error appears, UNS will retry to connect automatically after a few minutes. There is no need to restart it manually.

TLS is not correctly configured

As you can see from the explanation above, UNS will not be able to use TLS certificates unless they're located at the computer account storage.

LMS is stopped or not started.This only happens if you manually stop the service or remove it from the service lists.You can check if this is the case by running "sc query LMS" from a command line.

Either restart the LMS service ("sc start LMS") and/or reinstall the LMS software.

HECI disabled or uninstalled

This happens when the HECI (Intel MEI) device is disabled (see device manager) or uninstalled.The Intel MEI device can additionally be disabled or enabled in the BIOS, but that depends on your platform vendor.

Enable Intel MEI in the device manager, and/or re-install the driver.In case you have disabled Intel MEI in the BIOS, re-enable it.

Ports 16992 or 16993 are occupied by another app

Ports 16992 and 16993 are registered with IANA to Intel .However, that doesn't mean that another application can't use these ports inadvertently.You can check with "netstat -oba" if this is the case

Stop/kill the other application and re-start LMS and UNS.

Anonymous access is disabled

In case anonymous access to Intel AMT is disabled, UNS will not be able to connect unless credentials are provided.

Use the "-unsUser" and "-unsPass" to configure credentials, as explained in the previous article.

Intel AMT unconfigured or disabled

In some of the early platforms of 2.5 version, this error may appear in event viewer when Intel AMT is disabled or unconfigured on the platform.

Update the software version, by installing a new LMS/SOL software pack.

Maximum subscriptions reached

There is a maximum to the number of concurrent local subscriptions, the number varies between projects. If the max was reached, no additional subscriptions are allowed.

This situation is very unlikely to happen, as UNS deletes all the local subscriptions he's got access to before adding his own. This fact, and the fact that you probably have no other service subscribing locally make it almost impossible to happen in the field. However, we list it in order to keep the list complete.

I hope the list above is useful.
If you encounter anything that can be fixed, please let know in the comments!

5 comments

You read all the 7 parts? I'm flattered! :)
And happy that you found them interesting.

Yes, there is a lot more to these software than it seems at first glance. All of them have configurations and customizations to improve the user experience.
Please let know if there is anything else that you want to know, I'll try to address them in the future posts of the series.

I just finished to read all the 7 parts of the series and I learned a lot.
You know, everybody usually close the notification pop-ups and don't know that there are many possibilities to customize and troubleshoot the service working in the background.